New Jersey

Summary

Law: An Act concerning commercial Internet websites, online services, consumers, and personally identifiable information (the Act)

Regulator: New Jersey Office of the Attorney General (AG)

Summary: On January 16, 2024, Senate Bill 332 for An Act concerning commercial Internet websites, online services, consumers, and personally identifiable information (the Act) was signed by the Governor of New Jersey. The Act functions as comprehensive privacy legislation, providing for data subject rights, obligations of data controllers and data processors, and the exclusive enforcement of its provisions by the New Jersey Attorney General (AG).

Although there is no explicit protection of the right to privacy in the New Jersey Constitution, New Jersey courts have interpreted Article 1(1) of the Constitution to guarantee an individual's right to privacy. In addition, there are various privacy-related provisions in the New Jersey Revised Statutes and the New Jersey Administrative Code that create obligations for data collected by companies in different sectors, including the health, financial, employment, and education sectors.

Under the New Jersey breach notification requirements, businesses need to disclose, without unreasonable delay, breaches of computerized records to affected customers as well as to the Division of State Police in the New Jersey Department of Law and Public Safety.

You can follow legislative developments in the US through the USA State Law Tracker.

Browse more content in New Jersey

All Guidance Notes

All News

All Insights

News

18 November 2024

New Jersey: Resolution for voluntary AI commitments introduced to Assembly

13 June 2024

New Jersey: Bill for Artificial Intelligence Council introduced to Assembly

12 June 2024

New Jersey: Bill for Artificial Intelligence Council introduced to Senate

07 March 2024

New Jersey: Bill on personal information deletion by car rental providers introduced to Assembly

26 February 2024

New Jersey: Bill on Automated Employment Decision Tools introduced to Assembly

15 February 2024

New Jersey: Bill on Automated Employment Decision Tools introduced to State Senate

17 January 2024

New Jersey: Bill on personal information signed by Governor

09 January 2024

New Jersey: Bill on personal information passes Assembly and Senate

06 October 2023

New Jersey: AG publishes $49.5M settlement with Blackbaud over data breach

02 August 2023

New Jersey: Bill on minors' data privacy reported out of Committee with amendments and read for the second time

31 July 2023

New Jersey: Governor signs bill concerning telemarketers

18 May 2023

New Jersey: Bill on personal information transparency obligations amended by State Assembly Comittee

Insights

May 2024

USA: New privacy laws in Kentucky, New Hampshire, and New Jersey: More of the same, only different

Kentucky's Governor Andy Beshear signed the Act Relating to Consumer Data Privacy as an addition to Kentucky's Consumer Protection Act (under Chapter 367 of the Kentucky Revised Statutes) on April 4, 2024. Kentucky's new privacy law is the 16^th state consumer privacy law enacted in the US and the third in 2024. It shares many of the same features as the other comprehensive US state privacy laws. Julia Jacobson and Alexandra Kiosse, from Squire Patton Boggs, compare 2024's first three new consumer privacy laws.

March 2024

New Jersey: The Data Protection Act - here's what you need to know

New Jersey became the 13th state to enact comprehensive privacy legislation when Governor Murphy signed S332 into law on January 16, 2024. The New Jersey Data Protection Act (NJDPA) is designed to protect the personal data of New Jersey residents and imposes various obligations and requirements on persons and entities that are deemed to be 'controllers' (i.e., who alone or jointly determine the purpose and means of processing a consumer's personal data) or 'processors' (i.e., who process personal data on behalf of the controller). The NJDPA will become effective and enforceable on January 15, 2025. Although the NJDPA shares many similarities with other comprehensive state privacy laws - like the Colorado Privacy Act and the Virginia Consumer Data Protection Act - there are significant differences that businesses must consider to ensure they comply with the unique requirements of the laws of each state that may apply to business operations. John T. Wolak, Partner at Gibbons P.C., covers the main provisions that businesses should consider to ensure compliance with the NJPDA.

January 2024

New Jersey: The Act concerning online services, consumers, and personal data - a comprehensive state privacy law

New Jersey has joined other US states in adopting a comprehensive state privacy law. The Act concerning online services, consumers, and personal data (the Act), was originally introduced to the New Jersey State Senate in January 2022. Since then, the bill has passed the General Assembly and the State Senate, and was signed by the Governor of New Jersey, Philip D. Murphy, on January 16, 2024. The Act will enter into effect 365 days following its enactment on January 15, 2025.

The Act protects consumer privacy by requiring data controllers, such as websites and online service providers, to notify consumers of the collection, disclosure, and sale of their personal data. Controllers must allow consumers to opt out of such collection, disclosure, or sale in certain circumstances. OneTrust DataGuidance Research provides an overview of the Act.

New Jersey

Summary

Browse more content in New Jersey

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us